Malware Hub Report Panda Dome Advanced - February 2021 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

McMcbrad

Level 23
Oct 16, 2020
1,252
I've enabled the Data Shield protection module for the next tests and added some system folders there (Desktop and user docs folders).

I've also confirmed that there is still a very annoying issue with Panda Dome, since I last tested it in 2018... many times when Panda Dome finds a malicious file inside a folder, it DELETES ALL THE OTHER FILES INSIDE AND EVEN THE FULL FOLDER! 🤢🤮🤦‍♂️ In the last malware test I got this issue and had to extract the other 2 samples again to test...
By folder do you mean regular folder or compressed folder (archive)?
If it's doing this with regular folders this is the cleaning engine logic not being right and is a humongous issue.
It can do a lot of damage.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Very interesting cleaning behaviour... it leaves autoruns (seen on one of the tests), but cleans folders entirely.
I like it when the product has actually noticed what the malware in question has done and reverses that (Kaspersky, Avast, Trend Micro, Norton, MD). Not when it assumes what should and shouldn't be cleaned.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
The AsyncRAT missed on the last test is the Aggah/Haggah campaign malware that I posted about in the fileless Tesla. For a while there were no vbs scripts from it, but it actually used maldocs. Now they have returned to the same old. This method they use is already quite blatant, and it not being blocked by Panda is not really great.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
I don't put much emphasis on static detection myself :) (y)
Neither do I, but it's not like TruPrevent has done much either. Not sure if it can be tested with some malicious URLs as well; when I tested before, the web blocking was so bad that I escalated my concern to support that it doesn't work. Speaking of which, support was very bad too: they just sent me a link to an article on how to turn the feature on... they didn't even ask which website on which browser, so it was clear they are not interested in helping the customer (I paid for Panda thinking it's still like before); they just send out templates. I told them it was on in my first email, which they hadn't even read.
I've been a support agent myself (Oracle UK) and I don't like such an attitude.

Only after a few days of poking did it block 2-3 URLs, and the behaviour was inconsistent. Sometimes it would display a very outdated "Website Blocked 🚫" page (this page was used in the first versions of Cloud Antivirus around 2010, when it used Visicom Anti-Phishing instead of Cyren); other times it would not display anything, the browser would just fail to connect.

It was the worst performance I've seen in a URL filtering engine...
Also, if you request reclassification they tell you to fill in a form on the Cyren website and it takes days. If I submit to Trend Micro Site Safety, it takes 20 minutes for a website to be reclassified.
 

silversurfer

Level 69
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
5,831
@silversurfer, that last Panda Dome test with the Excel document, was this SilentBuilder?

I chose the thread title for the samples according to the analysis services AnyRun & Triage; both have tagged that sample as #Qbot/Qakbot.
I believe it must be "the version" of Qbot with SilentBuilder, as has recently almost always been the case...

Payload .dll #Qbot

Sample .xls (latest Hub test)
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,174
If one compares this test with the last test from 2018, a degradation in the static detection is very obvious. It's also obvious that for any user it's 100% needed to enable the so-called Application Control (AC) for better protection. That is not enabled by default.

Not getting a single "Clean" system verdict during a whole month is not very uplifting to see. I think Panda and its developers have much to improve and work on, but I still want to highlight the Hub's disclaimer, even if this test and its result were probably already expected by many.
This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.
Big thanks @harlan4096 for the test. (y)
 